<?php

   /**
    *
    * FILE:          ProcessLogin.php
    * LOCATION:      /root/actions/
    * REFERENCES:    index.php
    *                admin.php
    * FUNCTION:      Used to process user login requests 
    * DEPENDENCIES:  db_connect.php
    * 
    * --> LAST CODE MERGE FROM HALFSLIDE:  9-26-07  
    * ==============================================================================
    * 
    * @version $Id: ProcessLogin.php,v 0.1 2007/09/3
    * @copyright Copyright (c) none
    * @author Peter Holcomb
    * @license http://opensource.org/licenses/gpl-license.php GNU General 
    * Public License Verison 2 (GPL v2)
    * 
    * ==============================================================================
    */

   //connect to database
   include('../includes/db_connect.php');

   //session!
   session_start();

   error_reporting(0);

   //TEST IF USER IS ALLOWED TO ACCESS SYSTEM
   if (isset($_POST['user']) && isset($_POST['pass'])){
    
		$user = mysql_escape_string($_POST['user']);
		$pass = mysql_escape_string($_POST['pass']);
		
		$query = "SELECT * 
                FROM user 
                WHERE user_name = '".$user."'"; 
                //AND password = '".$pass."'";
	
   	$result = mysql_query($query);
	
	
	   //user match was found, send to MAIN DATABASE PAGE
   	if($row = mysql_fetch_array($result)) {
   	 
   	 	$salt              = $row["salt"];
			$secure_password   = $row["password"];
			$password          = md5($salt.md5($pass));	
       	
         if(strcmp($password, $secure_password)==0) {		
			
         	$_SESSION['logged_in'] = $_POST['user'];
				$_SESSION['user_id']   = $row['id'];
			
         	header('Location: ../admin.php');
			
         	exit;
			}		
			
			//echo "secure password: ".$secure_password."<br/>";
			//echo "password: ".$password."<br/>";
			
		}
   
   }
     
   //oops, user was not authenticated. set GET var STATUS to
   //Invalid Login and keep user on login page
   header("Location: ../index.php?Status=Invalid Login");


   exit;

?>